
Rewterz Threat Alert – Phishing Campaign Targeting Pakistan Financial Sector

January 2, 2021

Severity

High

Analysis Summary

Multiple fake/evil twin pages of “HBL Internet Banking” have been found targeting users in order to rob them of their credentials. The domain “https[:]//airac[.]org[.]do” hosts these fake/evil twin pages of “HBL Internet Banking”. The purpose of the pages is to steal the credentials of Internet Banking users.

Moreover, upon analysis we found that the same domain also hosts fake/evil twin Internet Banking pages of different banks of Pakistan and of the FBR return portal, showing Internet Banking links and images of different Pakistani banks.

These types of URLs are mostly used in phishing email campaigns: the URL is anchored behind an image or legitimate-looking text, and upon clicking, users are directed to the fake Internet Banking pages, where they enter their credentials and other confidential details such as OTP, Transaction Code/Password, Card Number and CVV.

Impact

  • Credential theft
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise

URL

  • https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl[.]com[.]pk/hbl[.]com[.]pk
  • https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl[.]com[.]pk/hbl[.]com[.]pk/hbl[.]php
  • https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl/hbl[.]html
  • https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl/hbl2[.]html

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
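
One way to carry out the "Search for IOCs in your environment" step, as an added example that is not part of the original advisory: it refangs the listed URLs at run time and checks proxy log lines for exact URL hits and for any other path on the same host, since the advisory notes that the domain hosts fake pages for several banks. The log layout (`time client method url status`) and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators exactly as published in the advisory (kept defanged at rest).
DEFANGED_IOCS = [
    "https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl[.]com[.]pk/hbl[.]com[.]pk",
    "https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl[.]com[.]pk/hbl[.]com[.]pk/hbl[.]php",
    "https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl/hbl[.]html",
    "https[:]//airac[.]org[.]do/fbr/fbr2021/allaccounts/hbl/hbl2[.]html",
]

def refang(text):
    """Undo the [:] and [.] defanging so values compare against raw logs."""
    return text.replace("[:]", ":").replace("[.]", ".")

def build_index(defanged):
    """Return (hosts, exact): IoC hostnames and (host, path) pairs."""
    hosts, exact = set(), set()
    for ioc in defanged:
        parts = urlsplit(refang(ioc))
        hosts.add(parts.hostname)
        exact.add((parts.hostname, parts.path.rstrip("/")))
    return hosts, exact

def classify(url, hosts, exact):
    """'exact' for a listed URL, 'host' for any other path on an IoC host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases hostname
    if host not in hosts:
        return None
    return "exact" if (host, parts.path.rstrip("/")) in exact else "host"

def scan(lines, defanged=DEFANGED_IOCS):
    """Return a list of (line_no, verdict, client_ip) for matching requests."""
    hosts, exact = build_index(defanged)
    hits = []
    for no, line in enumerate(lines, 1):
        fields = line.split()  # assumed layout: time client method url status
        if len(fields) >= 4 and (v := classify(fields[3], hosts, exact)):
            hits.append((no, v, fields[1]))
    return hits

# Constructed proxy log: times, client IPs and the "other/login.html" path are invented.
SAMPLE_LOG = [
    "2021-01-02T10:00:01Z 10.0.0.5 GET https://www.example.com/ 200",
    "2021-01-02T10:00:07Z 10.0.0.8 POST " + refang(DEFANGED_IOCS[1]) + " 200",
    "2021-01-02T10:01:12Z 10.0.0.9 GET " + refang("https[:]//AIRAC[.]org[.]do/fbr/other/login[.]html") + " 200",
    "2021-01-02T10:02:00Z 10.0.0.7 GET " + refang("https[:]//example[.]org/?ref=airac[.]org[.]do") + " 200",
]
```

Calling `scan(SAMPLE_LOG)` flags lines 2 and 3; the last line is not flagged because the IoC domain appears only in the query string, not as the request host.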